透過另一個 postfix 伺服器進行 Postfix 中繼

tag-icon tag-icon email postfix
透過另一個 postfix 伺服器進行 Postfix 中繼

我的 LAN 上有一個使用 Virtualmin 運行的 postfix 伺服器。我在此伺服器上總共有 4 個網域,並且我需要能夠向該伺服器上的網域發送和接收電子郵件。

問題是我的 ISP (Comcast) 封鎖了入站和出站連接埠 25。

因此,我有一個遠端 VPS,希望用於在連接埠 587 上中繼入站和出站郵件。

所以我有四個網域:

域名.com 域名2.com 域名3.com 域名4.com

如果我從以下地址發送電子郵件[電子郵件受保護]我希望它透過我的外部郵件伺服器(mail.domain.com,也在我的 VPN 上為 10.1.0.10)中繼到其目的地。同時,如果有人發送電子郵件至[電子郵件受保護]我的 MX 記錄將使其傳送到 mail.domain.com,然後透過連接埠 587 和我的 VPN 傳送到我的網路。

我在這方面做了一點小工作。我可以存取我的 VPS,但收到一些錯誤訊息。我想我在弄清楚如何讓我的 VPS 上的用戶能夠透過此 Postfix 伺服器中繼郵件以通過 SASL 身份驗證時遇到問題。

這是 LAN 上 Postfix 伺服器上的 main.cf:

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated     defer_unauth_destination
myhostname = cactuar.domain.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = cactuar.domain.local, localhost.domain.local, , localhost
relayhost = [10.1.0.10]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks     permit_sasl_authenticated reject_unauth_destination
allow_percent_hack = no

# enable SASL authentication 
smtp_sasl_auth_enable = yes
# disallow methods that allow anonymous authentication. 
smtp_sasl_security_options = noanonymous
# where to find sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Enable STARTTLS encryption 
smtp_use_tls = yes
# where to find CA certificates
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

這是我的遠端 mail.domain.com VPS 上的 main.cf:

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated     defer_unauth_destination
myhostname = mail.domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost.$mydomain $mydomain
relaydomains = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks     permit_sasl_authenticated reject_unauth_destination
allow_percent_hack = no
transport_maps = hash:/etc/postfix/transport

# SASL SUPPORT FOR CLIENTS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail clients.
#
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks     permit_sasl_authenticated reject_unauth_destination
smtp_sasl_auth_enable = yes
myorigin = $mydomain

當我從家庭伺服器向互聯網發送電子郵件時,我得到以下 mail.log 結果:

在我的家庭伺服器上:

Dec  5 12:41:02 cactuar postfix/qmgr[29509]: DEA6EC1725: from=<[email protected]>, size=655, nrcpt=1 (queue active)
Dec  5 12:41:03 cactuar dovecot: imap(domain): Connection closed in=748 out=2203
Dec  5 12:41:03 cactuar postfix/smtp[32026]: DEA6EC1725: to=<[email protected]>, relay=10.1.0.10[10.1.0.10]:587, delay=0.29, delays=0.08/0.04/0.17/0, dsn=4.7.8, status=deferred (SASL authentication failed; server 10.1.0.10[10.1.0.10] said: 535 5.7.8 Error: authentication failed: generic failure)

在我的遠端 VPS 上,當郵件來自我的家庭伺服器時:

Dec  5 13:43:34 kupo postfix/smtpd[29636]: connect from unknown[10.0.0.24]
Dec  5 13:43:34 kupo postfix/smtpd[29636]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Dec  5 13:43:34 kupo postfix/smtpd[29636]: warning: SASL authentication failure: Password verification failed
Dec  5 13:43:34 kupo postfix/smtpd[29636]: warning: unknown[10.0.0.24]: SASL PLAIN authentication failed: generic failure
Dec  5 13:43:34 kupo postfix/smtpd[29636]: disconnect from unknown[10.0.0.24]

我使用命令在 saslauthd 中設定了一個用戶saslpasswd2 -c <username>,當我連接到遠端 VPS 時,該用戶名稱位於我的內部伺服器中,並且 saslauthd 正在兩台電腦上運行。

希望有人能指導我解決這個問題。

感謝您的任何幫助,您可以提供。

相關內容